Fortinet Survey Reveals a Disconnect Between Ransomware Preparedness and Prevention
By David Finger | April 24, 2023
Ransomware has existed for decades, yet the threat of falling victim to an attack today is greater than ever. While 2021 saw an explosion in the volume, 2022 was marked by accelerated frequency. Case in point: In the first half of 2022, FortiGuard Labs observed the introduction of 10,666 new ransomware variants, double the number seen in the previous six months.
For the second time in three years, Fortinet surveyed 569 global cybersecurity leaders and decision-makers to understand their perspectives on ransomware and how it has impacted their organizations in the last year. Here’s a look at the key findings from the Fortinet 2023 Global Ransomware Report, the group’s thinking about critical countermeasures, and insight into the ransomware campaigns they experienced.
Organizations Believe They’re More Prepared Than Ever, Yet 50% Still Fell Victim to an Attack
As ransomware operations evolve and grow more sophisticated, it’s not surprising that 84% of organizations represented in this year’s survey remain “very” or “extremely” concerned about this threat, which is even higher than the 76% of respondents that expressed the same level of worry when surveyed in 2021. Despite the high level of concern, 78% also believe they are “very” or “extremely” prepared to prevent or mitigate a ransomware attack.
However, responses tell a different story. Of those surveyed (who felt well-prepared), half fell victim to a ransomware attack in the last 12 months, and 46% were targeted by ransomware two or more times. Not only that—counter to the traditional school of thought that selecting the best point product (often from a pure-play vendor) offers the best security—organizations taking a best-of-breed approach were more likely to fall victim to ransomware in the last year. By contrast, those who had consolidated technologies through a platform approach (fully or with select point products) were less likely to be impacted. It’s time for organizations to look at cybersecurity as a whole, not as individual projects and products, especially given the prevalence of multivector, multistage cyber campaigns.
New Year, Same Entry Points
As with our previous survey, phishing remained the top tactic (56%) that malicious actors used to infiltrate a network and launch a ransomware attack. This was followed by ports left open to the internet (54%) and exploitation of remote desktop protocol (51%). Phishing remains a recurring challenge. We know that even the best secure email gateway cannot maintain 100% effectiveness 100% of the time, given the mature Ransomware-as-a-Service industry. And for all of the end-user training we might conduct, it takes just one lapse in judgment from an employee for threat actors to gain a foothold.
While these two measures are absolutely necessary, they are not sufficient on their own. We need a strong, well-configured, and maintained layer of behavior-based defense on endpoints. This is where the data resides and where the ransomware must run to achieve its purpose. However, this is no easy task for organizations to manage. We need trained people and efficient processes, as well as comprehensive technology, to address the ransomware challenge.
Same goes for the importance of attack surface management, an emerging discipline which, frankly, should be as thorough and programmatic as vulnerability management. Understandably, it is a challenge to stay abreast of all the possible entry and egress points of a digital organization. However, there are tools available and processes to help effectively manage this exposure for those who prioritize it.
Remote Desktop Protocol (RDP) is the tricky one, given the frequent legitimate use in most organizations. Having the personnel, time, and skill to monitor for illegitimate use is quite rare. Even the technologies to monitor it can be noisy and time-consuming. As much as we can reduce the risk of misuse through stronger identity and access management to prevent stolen credentials from providing access to authorized tools, this “eyes on the glass” function is a tough one, and perhaps best outsourced.
Business Leaders Plan to Make Additional Investments in Ransomware Prevention
The good news is that despite a shifting economy, 91% of respondents expect their security budgets to increase this year, allowing them to invest in addressing challenges related to securing against ransomware and other threats. Those surveyed named various solutions they felt were essential to secure against ransomware attacks. Half or more cited the following security technologies as being important: Internet-of-Things (IoT) security, secure access service edge (SASE), cloud workload protection, next-generation firewalls (NGFWs), endpoint detection and response (EDR), zero-trust network access (ZTNA), and secure email gateway (SEG). When asked what they plan to invest in next, respondents said they’re focusing on IoT security (57%), NGFWs (53%), and EDR (51%).
To the earlier point of making changes, it is encouraging to see that the importance of email security increased the most, along with that of ZTNA, and plans to invest in both email security and EDR increased the most since the prior survey.
Longer term, respondents called out plans to invest in technologies driven by artificial intelligence (AI) and machine learning (ML) to detect ransomware sooner, followed by central monitoring tools like security information and event management (SIEM) and security orchestration, automation, and response (SOAR) as their top priority areas.
Regional Takeaways: Perceived Preparation and Challenges are Common, but Ransomware Frequency, Demands, and Technology Investment Vary
As mentioned, we conducted a global survey and organizations’ perspectives on ransomware and their respective levels of concern, preparedness, and top challenges have largely normalized across all regions. Nearly all respondents worldwide indicated that having a ransomware strategy was one of their top priorities. No question, this is a worldwide issue.
However, the percentages of organizations in various regions that suffered a ransomware attack varied a fair bit—Asia Pacific/Japan (APJ) experienced the most (56%). In contrast, Europe, the Middle East, and Africa (EMEA) experienced the least (41%).
There were also differences in planned technology investments, with leaders from North America (NA) and EMEA wanting to invest more heavily in ZTNA than APJ and Latin America (LATAM). As for ransom demands, respondents in EMEA received smaller ransom requests than other regions, while organizations in APJ and NA saw higher ransom demands. It was concerning that ransom demands seemed to vary by the ability to pay, with larger organizations and more critical industries such as manufacturing receiving the highest ransoms.
Effective Steps to Protecting Against Ransomware
Based on the survey results, it’s clear that the top challenges to preventing a ransomware attack were related to people and processes as well as a range of technology, with many organizations needing more clarity on how to secure against the threat. As organizations seek to enhance their security strategies to protect against ransomware, they have specific technologies they can put in place, but there must be a fundamentally different approach.
Adopt a security platform approach
Remember that “more” doesn’t always mean “better,” especially concerning technology. Instead of continuing to select best-of-breed point products that operate in silos, look for these same technologies as platform components that are inherently designed to work seamlessly together, almost as a security mesh architecture. A coordinated approach to cybersecurity, such as the Fortinet Security Fabric, goes a long way in safeguarding your business against ransomware and other attacks.
Embrace services where needed
We know cybersecurity expertise is in short supply, and ransomware defense is no exception. Look to expert third parties to help assess your readiness, identify gaps, and exercise your people and processes. Take advantage of incident readiness and response services. On an ongoing basis, services such as managed detection and response (MDR) and SOC-as-a-Service (SOCaaS) can help overburdened security teams take full advantage of their implemented technologies.
Tackle the basics first, then plan for the future
Before rushing out to buy the latest “hot technology,” focus on the proven areas of risk, such as strong email security at the gateway and endpoint, routine identification and mitigation of attack surface exposure, strong authentication, and identity management with regular changes to credentials. After that, consider additional AI-driven technology to speed detection and response.
Although ransomware isn’t slowing anytime soon, organizations have a variety of technologies and services at their disposal to help them better protect against this growing threat.
Download your copy of the Fortinet 2023 Global Ransomware Report to read more insights and learn the most effective strategies to safeguard your enterprise.